Single-chip system, method for operating a single-chip system, and motor vehicle

ABSTRACT

Single-chip system, having multiple computing units, in particular computer cores and/or CPUs, at least one input/output unit, a memory unit, and an input/output control unit that coordinates the communication between the computing units and the at least one input/output unit, wherein the single-chip system further has an attack detection unit, produced as hardware, that is connected by means of a hardware signal connection to at least the input/output control unit as a component of the single-chip system and evaluates input signals received from the input/output control unit for a rule infringement in a set of attack detection rules, which rule infringement needs to be logged and/or responded to with at least one measure.

TECHNICAL FIELD

The present disclosure relates to a single-chip system having multiple computing units, in particular computer cores and/or CPUs, at least one input/output unit, a memory unit, and an input/output control unit that coordinates the communication between the computing units and the at least one input/output unit. In addition, the present disclosure relates to a method for operating such a single-chip system, and a motor vehicle.

BACKGROUND

Single-chip systems, frequently also known as “system on a chip” or SoC, have already been proposed in the prior art. In general, a plurality of computing units, in particular computer cores, which can be operated simultaneously, are realized by such single-chip systems, wherein further components of the single-chip system provide memory space and input/output options (I/O) or realize data exchange between the aforementioned components. An example of such a component of the single-chip system, which coordinates data exchange between components of the single-chip system, is an input/output control unit that coordinates the communication between the computing units and the at least one input/output unit. Ultimately, such an input/output control unit coordinates the inward and outward data flow via different connections of the single-chip system at the computing unit level or also at the level of virtual computing components. For example, computing power or computing power portions of different computing units can be combined. For such input/output control units, different terms are known in the prior art, for example, SMMU (system memory management unit) from Samsung.

Due to the flexibility, computation rate, and low installation space requirements of such single-chip systems, their area of application is constantly increasing. For example, it is conceivable to provide different operating systems on a single-chip system, which allow for the parallel execution of different applications; it is further conceivable to map different security levels/security requirements using different operating systems or computing units or computing components, so that, for example, a wide variety of functions can be implemented by such a single-chip system. Accordingly, the use of single-chip systems in control units of motor vehicles has already been proposed, where, for example, the concept of a so-called “central advanced driver assistance system” can be implemented using at least one such single-chip system, on which both less safety-critical functions, for example, multimedia functions, and functions more critical to safety, for example, functions relating to vehicle guidance, can be executed. Security requirements are specified for a variety of these functions, which are defined by the ISO 26262 standard. Correspondingly safety-critical functions, to which a security requirement, for example, an ASIL, is assigned, must be executed by components certified with regard to the standard, which naturally also applies to subcomponents of the single-chip system.

So-called “intrusion detection systems” (IDS) have already been proposed in software-based systems. An IDS is used to identify compromised systems and to provide the option of responding to a compromised system that has been attacked (IPS or intrusion prevention system). An IDS adds more software to an overall system and thus provides additional attack paths that must also be taken into consideration with regard to security when risk analysis is performed. In addition, such IDSs entail loss of performance because computing power is required for the corresponding software means realizing the IDS.

In modern single-chip systems with a plurality of computing units, especially when combining different security requirements, security measures are frequently implemented by a strong separation between subsystems of different security requirements. Such a separation can be provided by the introduction of hardware-based mechanisms, for example, guard pages in memory units. Another example is a hardware-based separation of access to memory areas (“memory access control”).

With regard to single-chip systems, IDS are usually not used because no additional attack paths are supposed to be opened by additional software, and loss of performance is supposed to be prevented as much as possible. In addition, interaction with already existing security mechanisms is supposed to be prevented as much as possible.

US 2009/0113141 A1 relates to a memory protection system and an associated method. In this case, a memory access control unit for shared memory is provided, wherein a permission table that defines read and write permissions for the majority of computing units is also provided. A memory fault detector, which has an input for receiving memory access queries, is coupled, wherein a logic determines whether the memory access thus described would conflict with the permission table.

BRIEF DESCRIPTION OF DRAWINGS/FIGURES

FIG. 1 illustrates a schematic diagram of a single-chip system in accordance with some embodiments.

FIG. 2 illustrates an abstracted depiction of an architecture of a single-chip system in accordance with some embodiments.

FIG. 3 illustrates a schematic depiction of the architecture of a single-chip system in accordance with some embodiments.

FIG. 4 illustrates a schematic diagram of a motor vehicle in accordance with some embodiments.

DETAILED DESCRIPTION

The problem addressed by the present disclosure is that of providing a realization of an “intrusion detection system” (IDS) for a single-chip system which allows for extensive detection options with the most secure implementation possible, while influencing the performance of the single-chip system as little as possible.

In some embodiments, the above-mentioned problem is solved, according to the present disclosure, in that it is provided in a single-chip system of the initially described type that the single-chip system further has an attack detection unit, produced as hardware. The attack detection unit is connected by means of a hardware signal connection to at least the input/output control unit as a component of the single-chip system. It evaluates input signals received from the input/output control unit for a rule infringement in a set of attack detection rules, which rule infringement needs to be logged and/or responded to with at least one measure.

In some embodiments, the attack detection unit thus forms part of an IDS or even an IDPS (intrusion detection and prevention system). Signals from a plurality of components of the single-chip system, comprising at least the input/output control unit, are used and evaluated for a possible attack, independently of the remaining operation of the single-chip system, which makes it possible to give an attacker the illusion that the activity of the attacker has not yet been detected. Additional hardware is therefore added within the single-chip system, which comprises at least hardware signal connections from different hardware-based components of the single-chip system to a separated IDS. The use of such a separated IDS prevents the use of pure, vulnerable software, and, therefore, does not add any new points of attack because the IDS works via the additional, otherwise unused hardware signal connections and ideally does not interact with the other computing units in a receiving or attackable manner. As a result, there is also minimal influence on existing security mechanisms, and it is ensured that the IDS itself is provided in a secure area of the single-chip system. The detection of an attack or corruption of the single-chip system cannot be hidden behind an infected part of the single-chip system, particularly a part already taken over; the use of separate additional hardware also makes it possible to implement IDS without sacrificing the computing power of the computing units.

In some embodiments, the set of attack detection rules can but does not necessarily have to be realized as part of the attack detection unit. It is also conceivable to provide the set of attack detection rules elsewhere, i.e., decentrally, as hardware, for example, on the components which supply input data to the attack detection unit. A decentralized design of the set of attack detection rules can further reduce the computing power that must be provided for the attack detection unit.

In some embodiments, the attack detection unit is realized as a separate hardware component of the single-chip system, for example, as an ASIC and/or a separate additional computing unit (CPU/computer core). The attack detection unit thus represents a hardware component invisible to the computing units, which can carry out the monitoring for attacks in the background, unaffected by other processes within the single-chip system, in accordance with the set of attack detection rules. Accordingly, neither additional points of attack are realized, nor is it transparent to an attacker whether or not the attack has already been detected. Furthermore, there is no loss in terms of the computing power of the single-chip system because no influence is exerted on the computing units defining said computing power unless a measure is required, as will be described in more detail below. For that purpose, the hardware signal connection is designed as a signal line for the signals to be transmitted. By way of a non-limiting example, the signal line can only be used in one direction.

In some embodiments, a similarly secure, preferred variation is provided if the attack detection unit is realized as part of an inspection unit provided for monitoring a component, in particular, a computing unit and/or a virtual computing component, of the single-chip system, and realized as an additional computing unit, particularly analyzing a shadow memory. In other words, if additional hardware is already present, which is “invisible” to the computing units and extremely powerful and thus usually realized as an additional computing unit, and which monitors a virtual computing component using one computing unit and/or computing power of a plurality of computing units and which can be understood as an inspection unit or part of an inspection system, such a hidden inspection unit, which cannot be accessed by the computing units, can also be used to additionally realize the attack detection unit of the IDS in that location. Such an inspection unit can particularly check a shadow memory for inadmissible states and/or malfunctions of the computing unit and/or the virtual computing component and, as a further component of the single-chip system, can itself supply input signals to the attack detection unit.

In some embodiments, the attack detection component comprises at least one of the computing units, in particular a computing unit of the highest security level, with a corresponding software means, so that, for example, a computing unit can be realized exclusively for the IDS or its attack detection component. In this case, computing power is supposed to be diverted but, if possible, without access by the other computing units resulting in a power reduction of the single-chip system. However, depending on the overall structure of the single-chip system, it may open attack paths. Therefore, a computing unit of the highest security level, and consequently a computing unit (and/or also a virtual computing component) that meets the highest security requirements, is preferably selected because in the event of an attack, the computing unit (or computing component) that meets the highest security requirements will be compromised last. In some cases, it is also conceivable that a plurality of attack detection components is realized by using a plurality of, in particular all, computing units with appropriate software means. This is based on the consideration that not all computing units are usually compromised at the same time, so that detection of the attack is still possible in any case. By way of a non-limiting example, it also applies analogously that a plurality of, in particular all, virtual computing components of the single-chip system can be used. It must generally be noted that such virtual computing components can be implemented or defined, for example, by a so-called hypervisor. However, in many single-chip systems, in which also security-critical applications are supposed to meet a security requirement according to a security standard, it is usually not possible to obtain certified hypervisor units, so that a further system separation frequently exists.

In some embodiments, the set of attack detection rules, which is stored in, or can be accessed by, the attack detection unit, can also be understood as an “IDS policy.” Depending on the extent to which the input signals have already been pre-evaluated by the transmitting components of the single-chip system, by way of a non-limiting example, the set of attack detection rules can only contain rules for logging events, and, therefore, for filtering information, and/or for selecting measures; however, it is also conceivable that the set of attack detection rules can provide a basis for classifying an event as an attack, and thus, for example, in addition to otherwise stored access tables, can describe permitted and not permitted events or assign them to these attack classes.

In some embodiments, the attack detection unit may receive input signals from all important or critical components of the single-chip system, in particular from all coordination components. Nevertheless, monitoring the input/output operation by receiving signals of the input/output control unit has proven to be pivotal: attacks must enter the single-chip system from the outside, and in essentially all cases they also affect a communication toward the outside of the single-chip system, so that the input/output (I/O) is an essential point to be monitored and is in any case tapped by the configuration according to the invention.

In some embodiments, to query or receive input signals from a plurality of components of the single-chip system and to analyze them using the set of attack detection rules, a further hardware signal connection of the attack detection unit to at least one further component of the single-chip system may be provided, wherein the input signals received by the said component are also evaluated for a rule infringement in a set of attack detection rules, which rule infringement needs to be logged and/or responded to with at least one measure. In other words, input signals are received via specific additional hardware signal connections from components of the single-chip system transmitting all relevant information about attacks.

In some embodiments, at least one further component provided is a memory access control unit and/or the memory unit. Memory-related components represent a further, extremely important point, at which attacks/an intrusion can be determined because, in order to manipulate the function of applications executed on computing units or virtual computing components, the memory access may be manipulated, wherein, for example, unallocated memory areas can be accessed. In such a case, it is particularly advantageous if the memory access control unit includes a memory access register and/or the input signals received from the memory unit describe accesses to guard pages of the memory unit that are defined particularly on a physical level. Memory access registers define which computing unit/virtual computing component can or is supposed to or wants to access which memory areas. Such memory access registers are also called “MAR.” Corresponding memory access control units, which have a memory access register or MAR, are particularly suitable as a source for identifying harmful intentions on the basis of access to non-permitted memory areas. Guard pages are basically already known in the prior art and preferably represent memory areas which are defined on a physical level and which cannot be accessed by any of the computing units/virtual computing components, and which usually separate memory areas allocated to computing units and/or virtual computing components from one another, for example, in order to cause attacks directed at an overflow to fail because an attempt to access a guard page usually results in a functional termination. Within the scope of the present disclosure, it is now proposed to generate a hardware interrupt on the part of the memory unit as an input signal for the attack detection unit when an attempt is made to access, i.e., to write on or read, a guard page. Such signals thus indicate a non-permissible access to memories. For this purpose, it is particularly preferred if input signals are received via hardware signal connections from both the memory unit and from the memory access control unit because this creates a two-layer security system, wherein input signals from the memory access control unit indicate harmful intentions, and input signals from the guard pages indicate a harmful successful access. In such case, the corresponding responses to the different detections can of course be different.
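The two-layer memory monitoring described above, as an added software model that is not code from the patent or from any chip vendor: a memory access control unit with a permission table (the MAR) pre-filters accesses and emits an input signal only for a non-permitted access (harmful intention), the memory unit emits an input signal when a guard page is touched (harmful successful access), and the attack detection unit applies a rule set that responds differently to the two layers. The permission table, the guard page address, the page size and the signal and measure names are constructed assumptions.

```python
"""Software model of the attack detection unit's rule set for memory-related
input signals. Added example, not code from the patent or any vendor; the
permission table, guard page address and signal names are constructed."""
from dataclasses import dataclass
from enum import Enum


class Signal(Enum):
    MAR_VIOLATION = "mar_violation"          # intention: access outside permitted area
    GUARD_PAGE_ACCESS = "guard_page_access"  # success: a guard page was read or written


class Measure(Enum):
    LOG_ONLY = "log_only"
    ISOLATE_UNIT = "isolate_unit"   # block the unit's further bus access
    RESET_UNIT = "reset_unit"


@dataclass(frozen=True)
class InputSignal:
    source: str       # component that raised it ("MAR" or "MEMORY")
    kind: Signal
    unit: int         # computing unit / virtual computing component id
    address: int
    write: bool


PAGE = 0x1000

# Constructed permission table: unit -> list of (start, end, writable) ranges.
MAR_TABLE = {
    0: [(0x0000_0000, 0x0000_FFFF, True)],
    1: [(0x0001_1000, 0x0001_FFFF, True), (0x0000_0000, 0x0000_FFFF, False)],
}
# Constructed guard page separating the two units' regions (physical level).
GUARD_PAGES = {0x0001_0000}


def mar_check(unit: int, address: int, write: bool):
    """Component-side pre-filter in the memory access control unit: an input
    signal is forwarded only for accesses the permission table does not allow."""
    for start, end, writable in MAR_TABLE.get(unit, []):
        if start <= address <= end and (writable or not write):
            return None
    return InputSignal("MAR", Signal.MAR_VIOLATION, unit, address, write)


def guard_page_check(unit: int, address: int, write: bool):
    """Memory-unit side: the hardware interrupt raised on a guard page access,
    modelled as an input signal."""
    if (address // PAGE) * PAGE in GUARD_PAGES:
        return InputSignal("MEMORY", Signal.GUARD_PAGE_ACCESS, unit, address, write)
    return None


def evaluate(signal: InputSignal):
    """Attack detection unit: apply the rule set to one input signal and
    return (classification, measure)."""
    if signal.kind is Signal.MAR_VIOLATION:
        # Harmful intention only: a write attempt is isolated, a read is logged.
        return "attack_attempt", (Measure.ISOLATE_UNIT if signal.write else Measure.LOG_ONLY)
    if signal.kind is Signal.GUARD_PAGE_ACCESS:
        # Harmful successful access: the access actually reached a guard page.
        return "attack_success", Measure.RESET_UNIT
    return "none", Measure.LOG_ONLY


def memory_access(unit: int, address: int, write: bool):
    """Run one access through both layers; returns the list of
    (source, classification, measure) decisions taken by the unit."""
    decisions = []
    for sig in (mar_check(unit, address, write), guard_page_check(unit, address, write)):
        if sig is not None:
            decisions.append((sig.source,) + evaluate(sig))
    return decisions
```

An access by unit 0 into the guard page at 0x10000 produces two decisions, one from each layer, which is the point of tapping both the MAR unit and the memory unit: the MAR signal alone tells the unit that a non-permitted area was requested, the guard page interrupt tells it that the request got through.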

In some embodiments, the set of attack detection rules can contain further restrictions with regard to the memory unit than, for example, a memory access register or a memory access control unit in general. In addition to access restrictions defined in the set of attack detection rules, types of access can also be analyzed, for example, size restrictions of data objects to be written or read, content restrictions, and the like. It must be pointed out that similar attack detection criteria of the set of attack detection rules can, in addition to the memory unit and/or the memory access control unit, naturally also be used for further components, in particular also with regard to the input/output control unit.

In some embodiments, it can be provided that the input signals received by the memory access control unit describe a load on a memory bus connecting the computing units and the memory unit. A corresponding property describing the load of a memory bus can be obtained from memory access control units with a memory access register (MAR). If, for example, a computing unit or a virtual computing component is present, on which an application is executed, in which the exact timing or the fastest possible response is critical, for example, a security application in a motor vehicle, it usually also requires access to the memory unit, i.e., the MAR. It is required that access to the corresponding memory areas of the memory unit is always available. A harmful attack application on one or more other computing units or virtual computing components can attempt to prevent the time-critical application from accessing the memory areas by DoS attacks (“denial of service”), spoofing, and the like, wherein the memory bus is flooded with queries, for example.

In some embodiments, the memory access control unit and/or the attack detection unit can be designed such that such attacks can be detected. In the case of a detection, various measures can be carried out in the sense of an “intrusion prevention,” for example, a reset of the computing units/virtual computing components executing the attack application and/or a reduction in the clock speed as a less drastic response. The measures described here by way of example are implemented within the framework of the single-chip system outside the memory access control unit (MAR unit) with the IDS, or herein particularly with the IPS (intrusion prevention system), realized by the attack detection unit.

In some embodiments, in the case of a partial implementation of the attack detection by generating corresponding input signals for the attack detection unit within the memory access control unit, a configuration is preferably selected, in which the corresponding signal generation for the input signals for the attack detection unit to be provided to the hardware signal connection is hardware-coded and determined in an unchangeable manner, which significantly increases security. However, it is preferred to largely enable the implementation by means of the attack detection unit and the set of attack detection rules stored therein because then, as will be discussed in more detail below, an implementation can also take place in this manner, due to the clear separation of the IDS from the computing units/virtual computing components, such that dynamic changes are possible, for example, a change in the set of attack detection rules.

In some embodiments, at least one of the at least one further component is an inspection unit provided for monitoring a shadow memory. If the attack detection unit, as already described above, is integrated into such an inspection unit, a further inspection unit can also still communicate with the attack detection unit via a hardware signal connection. Inspection units of this type, as already explained, are used to detect malfunctions of a particularly security-critical application by monitoring the shadow memory. For example, via a shadow memory manager (SMM) which is connected to a security operating system on at least one computing unit or virtual computing component designed to fulfill a security requirement, shadow-memory memory images are generated which are accessed by the inspection unit which is entirely independent from said computing unit/virtual computing component. This makes it possible to check the shadow memory and thus the actions in the security operating system of the at least one computing unit or virtual computing component and to determine inconsistencies which can result in corresponding input signals to the attack detection unit. It is particularly advantageous to couple the IDS to such inspection units because they represent important sources of information about attacks.

In some embodiments, at least one of the at least one further component can furthermore be a computing unit clock (CPU clock) and/or a power management unit and/or an interrupt controller, wherein the input signals coming from said components can be evaluated with regard to a utilization of the single-chip system. In this manner, it is also possible to detect DoS attacks if, for example, a particularly large number of computing operations/queries from at least one of the computing units/at least one virtual computing component occur. By observing the CPU clock, it can also be determined whether a so-called “tuning,” for example, an increase in the clock speed, is supposed to take place due to an attack. A power management unit can be used to check how many calls originate from the different computing units/virtual computing components; an interrupt controller provides information on how many interrupts are present, which is particularly relevant for the DoS attacks mentioned.
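The utilization-based rules from the memory bus load passage and from the paragraph above, as one added software model that is not code from the patent or any vendor: per-unit counters for memory bus requests (from the MAR unit) and interrupts (from the interrupt controller) are kept over a sliding window, a CPU clock reading is compared against the configured value, and the rule set grades the response from a clock reduction to a reset of the offending unit. The window length, the thresholds, the nominal clock and the sample trace are constructed assumptions.

```python
"""Model of utilization-based attack detection rules: memory bus flooding and
interrupt storms per computing unit, and unauthorised clock increases. Added
example, not the patent's or any vendor's code; thresholds, window size and
the sample trace are constructed assumptions."""
from collections import deque

WINDOW_CYCLES = 1000        # observation window for the counters (assumed)
BUS_SOFT_LIMIT = 400        # bus requests per window -> reduce clock speed
BUS_HARD_LIMIT = 800        # bus requests per window -> reset the unit
IRQ_LIMIT = 200             # interrupts per window -> reset the unit
NOMINAL_CLOCK_MHZ = 1000    # configured clock of the monitored units


class UtilizationMonitor:
    """Keeps, per computing unit, the samples delivered over the hardware
    signal connections from the MAR unit and the interrupt controller."""

    def __init__(self, window=WINDOW_CYCLES):
        self.window = window
        self.samples = {}   # unit -> deque of (cycle, bus_requests, interrupts)

    def observe(self, unit, cycle, bus_requests, interrupts):
        q = self.samples.setdefault(unit, deque())
        q.append((cycle, bus_requests, interrupts))
        # forget everything that fell out of the window
        while q and q[0][0] <= cycle - self.window:
            q.popleft()

    def totals(self, unit):
        q = self.samples.get(unit, ())
        return sum(s[1] for s in q), sum(s[2] for s in q)

    def evaluate(self, unit, clock_mhz):
        """Apply the rule set for one unit; returns (event_type, measure) or
        None when nothing infringes a rule."""
        bus, irq = self.totals(unit)
        if clock_mhz > NOMINAL_CLOCK_MHZ:
            return "clock_tuning", "reset_unit"       # clock raised behind the configuration's back
        if bus >= BUS_HARD_LIMIT or irq >= IRQ_LIMIT:
            return "dos_flooding", "reset_unit"       # drastic measure
        if bus >= BUS_SOFT_LIMIT:
            return "dos_suspected", "reduce_clock"    # less drastic measure
        return None


def run_constructed_trace():
    """Constructed trace: unit 0 runs a time-critical application with a steady
    modest load; unit 1 floods the bus between cycles 500 and 999. Returns the
    rule decisions per sampled cycle as {cycle: (unit0_result, unit1_result)}."""
    mon = UtilizationMonitor()
    results = {}
    for cycle in range(0, 1200, 100):
        mon.observe(0, cycle, bus_requests=20, interrupts=5)
        flooding = 500 <= cycle < 1000
        mon.observe(1, cycle, bus_requests=150 if flooding else 10,
                    interrupts=30 if flooding else 2)
        results[cycle] = (mon.evaluate(0, NOMINAL_CLOCK_MHZ),
                          mon.evaluate(1, NOMINAL_CLOCK_MHZ))
    return results
```

In the trace the flooding unit first crosses the soft limit (clock reduction) and, if the flooding continues, the hard limit (reset), while the time-critical unit never triggers a rule; the graded response is the "less drastic" option the text mentions, applied before a reset is considered.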

In some embodiments, at least one of the at least one further component is a configuration register for at least some of the computing units, the input signals of which are checked for configurations which are impermissible in accordance with the set of attack detection rules. For example, specific configurations of computing units/virtual computing components can be marked as not permitted and be detected accordingly. If the single-chip system also has a runtime checker, it can also be a useful further component. In this case, runtime checkers examine memory contents, for example, form checksums/hash values and carry out status comparisons, from which suitable input signals for the attack detection unit can also be derived. In single-chip systems, such runtime checkers are often implemented as hardware and also represent reliable sources.

In some embodiments, at least one of the at least one component can preferably be or comprise a debug interface of the single-chip system. Single-chip systems frequently have debug interfaces, by means of which access and control power can ultimately be obtained over a multiplicity, particularly all, of the components of the single-chip system. While it may well be provided that such debug interfaces are deactivated after completion of the single-chip system, and thus during a later use, they can possibly also be restored by a hardware intervention by an attacker. In such cases or when the debug interface is not deactivated, it represents a gateway for attacks, which is monitored by the IDS, herein specifically by the attack detection unit.

In the case of single-chip systems which also have a so-called guarantee bit, input signals can moreover also be received from a component comprising the guarantee bit via a hardware signal connection because attack events can also result in the guarantee bit being “switched.” However, this is usually a one-time occurring, irreversible process that can also be triggered by non-attack processes, so that input signals of a component comprising a guarantee bit are preferably evaluated jointly with other input signals in order to classify at least one event as an attack.

In some embodiments, at least one of the at least one component connected to the attack detection unit by means of a hardware signal connection can be designed to pre-evaluate and/or filter the input signals to be transmitted to the attack detection unit. This means that part of the intelligence of the IDS can already be realized within the component supplying the input signals, for example, by only forwarding to the attack detection unit specific signals that have already been pre-filtered and/or are the result of a pre-evaluation. These component-side portions of the signal processing are preferably determined in hardware in an unalterably encoded manner, for which corresponding methods are already known in the prior art, in order to avoid a manipulative attack at this point. As a result, the authenticity of the input signals forwarded to the attack detection unit can be ensured, at least as long as no hardware attack takes place.

In some embodiments, in order to increase security, the set of attack detection rules, hence the IDS policy mentioned, is unalterably determined as hardware or, in a secured method, is alterable, particularly using secret information which is unalterably encoded as hardware in the single-chip system. For such purpose, it is preferred to allow a changeability in a secured method since the attack detection unit, as has been described, is in any case designed such that computing units/virtual computing components or other possibly manipulating components cannot exercise any manipulative access to the attack detection unit. By storing secret, in particular also shared, information and a preferably separate configuration connection for the attack detection unit, it is possible to update or generally adapt the set of attack detection rules in a secure method, for example, by using keys as secret information. For this purpose, the secret information can be encoded as part of or specifically connected to the attack detection unit, wherein, however, it is also conceivable to use a determined and unalterable secret information already provided in the single-chip system. By way of a non-limiting example, a one-time determination of the set of attack detection rules can also be provided, for example, during the production of the single-chip system and/or through a one-time programmability at a later point in time, for example, during the manufacture of an overall device, in particular a motor vehicle that is supposed to contain the single-chip system. For example, the single-chip system can be sealed using techniques such as “fusing” or the like, once the set of attack detection rules is determined.
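The secured update path for the IDS policy described above, as an added software model that is not code from the patent or any vendor: a rule-set update is accepted over the configuration connection only if it carries a valid message authentication code computed with the shared secret (standing in for the secret information encoded in hardware) and a strictly higher version number, so that a forged, tampered or replayed update is rejected; a "fuse" flag models one-time sealing after which no update is accepted. The key value, the JSON encoding of the rules, the HMAC-SHA-256 choice and the version field are constructed assumptions, not the patent's mechanism.

```python
"""Model of a secured update of the set of attack detection rules (IDS policy).
Added example, not the patent's or any vendor's code; the key, the rule
encoding, the MAC algorithm and the version scheme are constructed."""
import hashlib
import hmac
import json

# Constructed stand-in for secret information unalterably encoded in hardware;
# on a real chip the computing units could not read it.
HW_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")


class RuleStore:
    """The rule set held by the attack detection unit, with its update gate."""

    def __init__(self, initial_rules, version=0):
        self.rules = dict(initial_rules)
        self.version = version
        self.sealed = False      # models a blown fuse: rules become fixed

    def seal(self):
        """One-time sealing, e.g. at the end of device manufacture."""
        self.sealed = True

    def apply_update(self, payload: bytes, tag: bytes) -> bool:
        """Accept a new rule set only if the MAC over the payload verifies under
        the hardware secret and the version is strictly higher than the
        current one. Returns True when the update was applied."""
        if self.sealed:
            return False
        expected = hmac.new(HW_SECRET, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # forged or tampered
            return False
        update = json.loads(payload.decode())
        if update.get("version", 0) <= self.version:  # replay or downgrade
            return False
        self.rules = dict(update["rules"])
        self.version = update["version"]
        return True


def make_update(version, rules, key=HW_SECRET):
    """Configuration-side helper: encode a rule set and authenticate it.
    Returns (payload, tag)."""
    payload = json.dumps({"version": version, "rules": rules}, sort_keys=True).encode()
    return payload, hmac.new(key, payload, hashlib.sha256).digest()
```

The version check matters as much as the MAC: without it, an earlier, weaker but genuinely authenticated rule set could be replayed to the unit at any time.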

In some embodiments, for logging, different approaches are possible which can also be used in combination. For example, it can be provided that the attack detection unit is designed, particularly on the basis of the set of attack detection rules, to log an event classified as an attack in an internal and/or an external memory device and/or to forward the event classified as an attack to a computing device external to the single-chip system. Therefore, an internal logging in an internal memory device is conceivable, which, for example, can be read out at a later time in order to be able to analyze attacks that have possibly taken place and to determine data for improving the single-chip system or the software means used therein. However, it is also conceivable and preferred according to the present disclosure that an external logging is carried out by means of an external memory device and/or an external computing device. In this context, it is in principle conceivable, but less preferred, to provide a separate input/output unit for the attack detection unit, since such specifically provided input/output units have to be realized in a space-consuming manner and increase the complexity of the single-chip system. According to the present disclosure, it is therefore preferred to use at least one of the at least one input/output unit which can also be utilized by the computing unit. For this purpose, for example, hardware output lines from the attack detection unit to the computing units and/or the input/output unit and/or the input/output control unit can be realized, which are preferably unidirectional in order to prevent access to the attack detection unit via said hardware output lines. Communication via an input/output unit to an external memory device/computing unit can take place, for example, via at least one of the computing units, wherein the safest computing units/computing unit are/is preferably used when the number of computing units is small or one. In other words, for forwarding to the outside, a processing unit is addressed which is likely to be taken over at a later stage, if at all, in the event of an encroachment. It can also be expedient to forward the corresponding output signals for forwarding/logging an event classified as an attack to all computing units of the single-chip system, since it is unlikely that all of these computing units have already been compromised, so that the forwarding of the output signal via the input/output unit can essentially be ensured.

In some embodiments, for a forwarding to the external computing device and/or the external memory device, a chip ID identifier that can be read out from a chip ID answerback unit is expediently added to the event data describing the event classified as an attack, i.e., particularly to the output signal. In this manner, it can also be determined in the external memory device/external computing device, to which single-chip system the event data relate.

In some embodiments, the attack detection unit, when evaluating the input signals, is designed to determine event data describing a cause of an event classified as an attack and/or describing the type of event, wherein particularly also event data describing the time of the event are determined. With regard to logged events to be evaluated and/or the adoption of measures, it is therefore expedient to know in the case of an event, which component of the single-chip system has performed what kind of activity that has been classified at least as a potential attack. If a time stamp is already available, for example, in the input signals, it seems prudent to also add said time stamp to the event data. For this purpose, it is expedient to not provide the attack detection unit itself with a timer because it would have to be synchronized with the remaining timers of the single-chip system, which could represent a possible point of attack into the attack detection unit.
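The logging and forwarding path from the three paragraphs above, as one added software model that is not code from the patent or any vendor: event data carry the causing component and unit, the event type, the chip ID from the chip ID answerback unit and a time stamp only when the input signal already supplied one (the unit has no timer of its own); events are kept in a bounded internal log and pushed over output lines to all computing units, so that delivery to the outside succeeds as long as at least one unit is not compromised; the external receiver sorts records by chip ID. The chip ID value, the signal fields, the number of computing units and the JSON record format are constructed assumptions.

```python
"""Model of event data assembly, internal logging and forwarding by the attack
detection unit. Added example, not the patent's or any vendor's code; the chip
ID, signal fields, unit count and record format are constructed."""
from collections import deque
from dataclasses import dataclass, asdict
from typing import Optional
import json

CHIP_ID = "CHIP-ID-PLACEHOLDER-0001"   # value read from the chip ID answerback unit (constructed)
COMPUTING_UNITS = (0, 1, 2, 3)         # units reachable over unidirectional output lines


@dataclass(frozen=True)
class InputSignal:
    source: str                     # component that raised the signal, e.g. "MEMORY"
    kind: str                       # e.g. "guard_page_access"
    unit: int                       # computing unit that performed the activity
    timestamp: Optional[int] = None # present only if the component supplies one


@dataclass(frozen=True)
class EventData:
    chip_id: str
    cause_component: str
    cause_unit: int
    cause_activity: str
    event_type: str
    timestamp: Optional[int]


def build_event(signal: InputSignal, classification: str) -> EventData:
    """Cause (component, unit, activity), type and, if available, time of the
    event; the time stamp is carried over from the input signal, never
    generated by the unit itself."""
    return EventData(CHIP_ID, signal.source, signal.unit, signal.kind,
                     classification, signal.timestamp)


class AttackDetectionLogger:
    def __init__(self, internal_capacity=4):
        # bounded internal memory device, oldest entries overwritten
        self.internal_log = deque(maxlen=internal_capacity)

    def record(self, signal: InputSignal, classification: str, compromised=frozenset()):
        """Log internally and forward to every computing unit; units already
        taken over are assumed to drop the output signal. Returns
        (event, delivered) where delivered is True if any unit relayed it."""
        event = build_event(signal, classification)
        self.internal_log.append(event)
        relaying_units = [u for u in COMPUTING_UNITS if u not in compromised]
        return event, len(relaying_units) > 0


def serialize(event: EventData) -> str:
    """Record as it travels to the external memory/computing device."""
    return json.dumps(asdict(event), sort_keys=True)


def group_by_chip(records):
    """External computing device side: attribute records to the originating
    single-chip system via the chip ID. Returns {chip_id: [event_type, ...]}."""
    out = {}
    for rec in records:
        d = json.loads(rec)
        out.setdefault(d["chip_id"], []).append(d["event_type"])
    return out
```

Forwarding to all units is what makes delivery robust here: a single compromised unit cannot suppress the log, and only the unrealistic case of every unit being taken over leaves the event in the internal log alone.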

In some embodiments, if security-critical applications have to be executed by at least some of the computing units, security requirements can be imposed on components or parts of components of the single-chip system, for example in a motor vehicle in which the single-chip system is supposed to realize safety functions and/or automatic vehicle guidance functions. Such requirements usually manifest themselves as compliance with a standard; in the example of motor vehicles as the overall device, in which a single-chip system according to the present disclosure is used particularly in a control device, such a standard exists in the form of ISO 26262, which grades functional safety requirements into so-called automotive safety integrity level (ASIL) classes. If some of the components of the single-chip system are designed to meet such a requirement, the requirement may be transmitted, at least partially, to the IDS, i.e., particularly to the attack detection unit, especially if measures are also supposed to be taken in response to events classified as an attack. However, because of the effort required to meet the requirement, it is less preferred in this context to design the entire attack detection unit, and thus also the portions that relate to non-security-critical applications/functions, in accordance with the (highest) security requirement. If a security requirement is present, it is thus conceivable that an attack detection unit meeting the security requirement is provided for at least some of the components of the single-chip system.

In some embodiments, at least two attack detection units are used, wherein at least one of them meets the security requirement and carries out the portion of the evaluation of the input signals that concerns the security requirement. An attack detection unit of an IDS, in particular of an IDPS, which evaluates input signals, can thus be "disassembled" so that only the portions that actually relate to the security requirement are implemented in the more elaborate form that meets the security requirement. For example, a certified implementation can be provided for the attack detection unit that fulfills the security requirement.

As already mentioned, the need to meet the security requirement arises particularly when a response, and therefore a measure, is provided for the part of the single-chip system that fulfills the security requirement, for example the termination and/or modification of a compromised application. Once the corresponding parts of the IDS have also been realized so as to meet the security requirement, the execution of the measures also results in the security requirement being met overall, without too much effort having to be spent on other parts of the IDS.

As already mentioned, in addition to the realization of an IDS (intrusion detection system), the execution of protective measures as measures for at least some of the events classified as attacks also results in the realization of an IPS (intrusion prevention system), i.e., combined in an IDPS (intrusion detection and prevention system). In this case it can therefore be said that the attack detection unit is additionally designed as an attack prevention unit that triggers at least one protective measure for at least some of the events classified as an attack.

In some embodiments, the measure signals describing the protective measures can be transmitted via hardware measure connections to the components of the single-chip system affected by the measure and/or to all computing units and/or virtual computing components. These hardware measure connections are designed to be unidirectional from the attack detection unit to the corresponding components of the single-chip system in order to prevent the components from accessing the attack detection unit. Protective measures can include, for example, deactivating and/or resetting computing units and/or further components of the single-chip system and/or changing operating parameters, for example clock frequencies and/or access permissions. Termination and restart of specific applications are also conceivable.

In addition to the single-chip system, the present disclosure also relates to a method for operating a single-chip system as described herein, in which input signals received by the attack detection unit are evaluated using the set of attack detection rules in order to classify events as attacks. All descriptions relating to the single-chip system can be applied to the method according to the present disclosure.

Finally, the present disclosure also relates to a motor vehicle having at least one control device with a single-chip system according to various embodiments as described in the present disclosure. Such a single-chip system can be transferred particularly easily to a motor vehicle, for example within the framework of the concept of a central advanced driver assistance system, in which driver assistance functions of different advanced driver assistance systems, to which in particular different security requirements also apply, are to be executed jointly in one control device and thus at least partially in one single-chip system. Especially with regard to safety-critical applications that realize driver assistance functions within a motor vehicle, it is extremely expedient to realize an IDS or, in particular, an IDPS. A further variation applicable to the present disclosure are infotainment systems with portions that are supposed to meet a security requirement, for example an ASIL class under ISO 26262. Such portions relate, for example, to information originating from a control device that is supposed to meet a security requirement and that is supposed to be displayed. All descriptions regarding the single-chip system can be transferred analogously to the motor vehicle according to the present disclosure.

Further advantages and details of the present disclosure become apparent from the embodiments described below and from the drawings.

FIG. 1 shows a schematic diagram of a single-chip system 1 (system on chip or SoC) according to the present disclosure. In the present case, the single-chip system 1 has, by way of example, four computing units 2 designed as computer cores, on which different operating systems and/or applications can be executed, wherein a plurality of computing units 2 can be assigned to one operating system/one application, and a partial allocation is also possible, i.e., virtual computing components can be defined, for example by a hypervisor.

In accordance with some embodiments, in order to provide RAM for the computing units 2, the single-chip system 1 further comprises a memory unit 3 which has a memory space 5 divided into memory areas 4 for the computing units 2, wherein the memory areas 4 are each separated by guard pages 6. The access of the computing units 2 to the memory unit 3 is coordinated by a memory access control unit 7, which can comprise a corresponding access register 8 (memory access register or MAR). The single-chip system 1 comprises a plurality of input/output units 9 which can establish connections to the outside world and can comprise, for example, a PCI Express interface and/or a UART interface and/or an I2C interface and/or an SPI interface and/or other interfaces, together with the associated drivers.

In accordance with some embodiments, coordination is also provided with regard to the input/output (I/O) via an input/output control unit 10, in which an access register can also be present. Further components of the single-chip system comprise a debug interface 11, an interrupt controller 12 and, not depicted for the sake of clarity, a computing unit timer (CPU clock), a power management unit, a configuration register for at least some of the computing units 2, a guarantee bit, and a chip ID answerback unit.

Integrated in hardware, the single-chip system 1 has an attack detection system or IDS 13, which has an attack detection unit 14 implemented as separate hardware in the present embodiment, in which a set of attack detection rules 15 is stored, with which events described by input signals can be classified as an attack or not, wherein a finer classification of different attacks or of their criticality is naturally also possible. The attack detection unit 14 receives the input signals from different components of the single-chip system via hardware signal connections 16 that are unidirectional. In the present case, the attack detection unit 14 receives input signals via hardware signal connections 16 at least from the memory unit 3, the memory access control unit 7, the input/output control unit 10, the debug interface 11, and the interrupt controller 12. Further sources of input signals can be the computing unit timer, the power management unit, the configuration register, a runtime checker realized as hardware, and/or the guarantee bit.

The input signals can be generated directly as hardware interrupts and the like and forwarded to the attack detection unit 14 in an unfiltered/unevaluated manner, in order to offer as few attack options as possible. However, configurations in which a pre-evaluation and/or filtering is performed by one of the components supplying the input signals are also conceivable. In that case the data load on the attack detection unit 14 is reduced, and it can thus be realized in a smaller size/in a less complex manner, at the price that the filtering component then lies on the path into the IDS and must be trusted accordingly.

The set of attack detection rules can be stored, unalterably encoded in hardware, i.e., fixed once and for all, in the attack detection unit 14; a basically alterable configuration is also conceivable, in which case secret information, for example a key, stored unalterably in the single-chip system 1, is used to authenticate any change before it is accepted.
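One way to realize the alterable variant, as an added example that is not the disclosure's own mechanism: a rule-set update is accepted only if it carries a MAC computed with the secret stored unalterably in the chip. The image layout, the choice of HMAC-SHA256, the constructed `DEVICE_KEY`, and the version counter that refuses rollback to an older rule set are assumptions made for this example.

```python
"""Authenticated update of an alterable rule set, gated by a secret that the
disclosure stores unalterably in the single-chip system. Example code, not
the disclosure's own mechanism; the image layout, the HMAC-SHA256 choice and
the anti-rollback version counter are assumptions made for this example."""
import hashlib
import hmac
import struct

TAG_LEN = 32
# Constructed stand-in for the device-bound secret (never leaves the chip).
DEVICE_KEY = bytes(range(32))


def _mac(key: bytes, version: int, payload: bytes) -> bytes:
    # The tag binds version and payload together so neither can be swapped alone.
    return hmac.new(key, struct.pack(">I", version) + payload, hashlib.sha256).digest()


def make_update_image(key: bytes, version: int, payload: bytes) -> bytes:
    """What the authorised tool holding the key produces:
    version (4 bytes, big-endian) || rule payload || HMAC tag."""
    return struct.pack(">I", version) + payload + _mac(key, version, payload)


class RuleStore:
    """Model of the rule storage inside the attack detection unit."""

    def __init__(self, key: bytes, initial_rules: bytes):
        self._key = key
        self.version = 0
        self.rules = initial_rules

    def update(self, image: bytes) -> str:
        if len(image) < 4 + TAG_LEN:
            return "rejected: malformed"
        version = struct.unpack(">I", image[:4])[0]
        payload, tag = image[4:-TAG_LEN], image[-TAG_LEN:]
        # Constant-time compare: a byte-wise early exit would leak the tag.
        if not hmac.compare_digest(tag, _mac(self._key, version, payload)):
            return "rejected: bad authentication tag"
        # Assumed addition: refuse replay of an older (possibly weaker) rule set.
        if version <= self.version:
            return "rejected: rollback"
        self.version, self.rules = version, payload
        return "accepted"
```

The version check is the caveat a practitioner would add on top of the authentication the text calls for: without it, an attacker who captured a previously valid image could reinstall a permissive rule set even though every tag verifies.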

The set of attack detection rules 15 can determine classifications, for example when and how critically an attack is present, by describing which rights in particular the computing units 2 and/or the virtual computing components formed by said computing units 2 have. The set of attack detection rules 15 can further describe how to deal with detected attacks, i.e., what is supposed to happen when at least one event is classified as an attack. The measures range from different logging actions to protective measures that may be provided, wherein in the latter case the attack detection unit 14 is also designed as an attack prevention unit, resulting overall in an IDPS 13 (intrusion detection and prevention system). Logging can take place by means of an internal memory device 17, to which a corresponding hardware output line 18 is routed. However, it is also conceivable to communicate event data describing an event classified as an attack to the outside of the single-chip system 1, for which purpose a separate input/output unit can additionally be provided for the attack detection unit 14 as a less preferred embodiment; with regard to the implementation, however, this is elaborate, especially if a fast connection, particularly an Ethernet connection, is to be used because of the time criticality that may exist.

In accordance with some embodiments, it is therefore preferred to use at least one of the input/output units 9, for which purpose a corresponding output signal (measure signal or logging signal) can be transmitted via unidirectionally realized hardware measure connections 19 to all the computing units 2, because it is less likely that all the computing units 2 are compromised at the same time, and/or it can be transmitted to the input/output control unit 10. It is thus possible to forward the event data to an external memory device and/or computing device 20 for logging and/or for further processing, particularly also with regard to protective measures. The event data, which describe a cause of an event classified as an attack, the type of event, and the time of the event, are supplemented by a chip ID identifier that can be read out from the chip ID answerback unit, so that the external memory device and/or computing device 20 can assign the event data to the single-chip system from which they originate.

With regard to the evaluation of the memory activities of the computing units 2, the attack detection unit 14 can receive, for example, general access information from the memory access control unit 7, which can be verified against the permitted accesses according to the set of attack detection rules 15. In particular, accesses to the guard pages 6 are additionally signaled by hardware interrupts, so that ultimately a double security check takes place.

If the attack detection unit 14 is also designed as an attack prevention unit, protective measures are provided which can also be forwarded via the hardware measure connections 19 to the corresponding components, particularly the computing units 2, which are supposed to execute the protective measures. For example, internal timers of the computing units 2 can be reset if a DoS attack is suspected, and/or computing units and/or virtual computing components can be reset and/or deactivated. Depending on the detected attack, a wide variety of protective measures is therefore conceivable.
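As an added illustration of the rule evaluation, the event data (cause, type, time, chip ID) and the measure selection described above, the following models the attack detection unit 14 in software. It is example code written for this page, not the disclosure's implementation: the rule contents, the signal names, the measure names, the chip ID and the sample signals are all constructed, and the time stamp is taken from the input signal rather than from a timer of the detection unit, as the text prefers.

```python
"""Software model of the hardware attack detection unit 14 (example code,
not the disclosure's own design). Rule set 15, computing units 2, guard
pages 6 and I/O units 9 are represented by constructed data."""
from dataclasses import dataclass
from typing import Optional

CHIP_ID = 0x1A2B3C4D  # constructed stand-in for the chip ID answerback unit
PAGE = 4096


@dataclass(frozen=True)
class RuleSet:
    mem_windows: dict        # unit -> (lo, hi): RAM window the unit may access
    io_allowed: dict         # unit -> set of I/O unit numbers the unit may drive
    guard_pages: frozenset   # start addresses of guard pages 6 between areas 4
    debug_allowed: bool = False


@dataclass(frozen=True)
class InputSignal:
    source: str      # "MAC" (memory access control 7), "GUARD_IRQ",
                     # "IOC" (I/O control 10) or "DEBUG" (debug interface 11)
    unit: int        # computing unit 2 that performed the activity
    timestamp: int   # carried by the signal; the IDS keeps no timer of its own
    address: int = 0
    io_unit: int = -1


@dataclass(frozen=True)
class Event:
    chip_id: int
    timestamp: int
    cause: str       # "<source>/unit<n>": which component did what
    kind: str
    measure: str     # issued over the unidirectional measure connection 19


MEASURE_FOR = {
    "MEM_ACCESS_VIOLATION": "RESET_UNIT",
    "GUARD_PAGE_ACCESS": "RESET_UNIT",
    "IO_ACCESS_VIOLATION": "REVOKE_IO_PERMISSION",
    "DEBUG_ACCESS": "DEACTIVATE_UNIT",
}


def classify(rules: RuleSet, sig: InputSignal) -> Optional[Event]:
    """Evaluate one unfiltered input signal against the rule set; None = benign."""
    kind = None
    if sig.source == "MAC":
        lo, hi = rules.mem_windows.get(sig.unit, (0, 0))
        if (sig.address // PAGE) * PAGE in rules.guard_pages:
            kind = "GUARD_PAGE_ACCESS"
        elif not lo <= sig.address < hi:
            kind = "MEM_ACCESS_VIOLATION"
    elif sig.source == "GUARD_IRQ":
        # Independent second check: the guard-page hit reported by interrupt.
        kind = "GUARD_PAGE_ACCESS"
    elif sig.source == "IOC":
        if sig.io_unit not in rules.io_allowed.get(sig.unit, set()):
            kind = "IO_ACCESS_VIOLATION"
    elif sig.source == "DEBUG":
        if not rules.debug_allowed:
            kind = "DEBUG_ACCESS"
    if kind is None:
        return None
    return Event(CHIP_ID, sig.timestamp, f"{sig.source}/unit{sig.unit}",
                 kind, MEASURE_FOR[kind])


def evaluate(rules: RuleSet, signals) -> list:
    """Run the detection over a stream of input signals, keeping only attacks."""
    return [e for e in (classify(rules, s) for s in signals) if e is not None]


# Constructed configuration: two units, guard page at 0x1000 between their areas.
RULES = RuleSet(
    mem_windows={0: (0x0000, 0x1000), 1: (0x2000, 0x3000)},
    io_allowed={0: {0}, 1: {1, 2}},
    guard_pages=frozenset({0x1000}),
)

# Constructed sample signals, in the order the hardware would deliver them.
SAMPLE_SIGNALS = [
    InputSignal("MAC", 0, 100, address=0x0800),        # inside unit 0's window
    InputSignal("MAC", 0, 101, address=0x2010),        # unit 0 reaches into unit 1's area
    InputSignal("MAC", 1, 102, address=0x1004),        # touches the guard page
    InputSignal("GUARD_IRQ", 1, 102, address=0x1004),  # same touch, via interrupt
    InputSignal("IOC", 0, 103, io_unit=2),             # I/O unit not granted to unit 0
    InputSignal("DEBUG", 1, 104),                      # debug interface activity
]


def sample_events() -> list:
    return evaluate(RULES, SAMPLE_SIGNALS)
```

The guard-page access shows up twice, once from the memory access information and once from the interrupt, which is the "double security check" of the text; a real unit would typically deduplicate on (unit, address, time stamp) before logging, a detail the model leaves out.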

FIG. 2 explains the structure of a second embodiment of a single-chip system according to the present disclosure using a depicted section 21. In this embodiment, the attack detection unit 14, once again realized as its own hardware, also receives input signals via hardware signal connections 16 from the components of the single-chip system 1 mentioned in relation to the first embodiment.

In accordance with some embodiments, proceeding from the physical components (indicated by 22), three virtual computing components 24 are defined by a hypervisor 23 using one or more computing units 2 by way of example, wherein in the present case said virtual computing components 24 execute operating systems and applications that meet low security requirements. Since the hypervisor 23 is not certified with regard to a security standard, a further virtual computing component 25 is formed using other computing units 2 in order to execute a security-critical application that meets a higher security requirement, for example a safety function and/or vehicle guidance function in a motor vehicle. During operation of the virtual computing component 25, a shadow memory 27 is written via a shadow memory manager 26. A shadow memory inspection unit 28, realized as its own hardware, particularly as its own additional computing unit, is assigned to the shadow memory 27 and monitors and checks its contents in order to detect errors, access violations and the like, thus detecting attacks by itself or at least creating the basis for attack detection. The inspection unit 28 is also connected to the attack detection unit 14 via a hardware signal connection 16 in order to forward corresponding input signals which indicate a successful attack and/or which can be evaluated for the detection of such an attack.

It must be pointed out that in the embodiment according to FIG. 2, hardware measure connections 19 are not routed to the computing units 2 of the virtual computing component 25, because in the present case the inspection unit 28 and the attack detection unit 14 are not designed to be certified for the security requirement of the virtual computing component 25. This would change if the inspection unit 28 and the attack detection unit 14 were to meet the security requirement and were thus certified, which is basically conceivable within the scope of the present disclosure; similarly, it would basically also be possible to integrate the hardware of the inspection unit 28 and the attack detection unit 14, for example to utilize a common additional computing unit.

However, with regard to the security requirements, an improved configuration is possible with less expenditure, as shown in FIG. 3 in a section 29, which corresponds to section 21, of a third embodiment of a single-chip system 1 according to the disclosure. As can be seen, both the inspection unit 28 and the attack detection unit 14 are divided into portions that meet the security standard and portions that do not have to meet it, so that inspection units 28 a and 28 b and attack detection units 14 a and 14 b are present. The inspection unit 28 a is connected to the attack detection unit 14 a via a hardware signal connection 16, wherein both meet the security standard. The inspection unit 28 b is connected to the attack detection unit 14 b via a hardware signal connection 16, wherein neither meets the security requirement, so that both can be realized in a simpler and less complex manner. In other words, the security-relevant portions of the IDS 13 or IDPS are separated out, which, particularly owing to the now certified attack detection unit 14 a, also allows preventive measures to be taken on the virtual computing component 25 via a hardware measure connection 19. It must be noted that a plurality of virtual computing components 25, which can meet the same or different security requirements, can naturally also be present.
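The partitioning argument of FIG. 2 and FIG. 3 can be stated as a check on the connection graph: a measure connection 19 may only drive a component whose requirement is covered by the certification of the issuing unit. The following is an added example, not the disclosure's own; it assumes ISO 26262-style ordered levels with QM below ASIL A to D, assigns constructed levels to units 14 a/14 b/28 a/28 b and components 24/25, and adds the assumption (consistent with the 28 a-14 a and 28 b-14 b pairing) that a certified unit only consumes input signals from units certified at least as highly.

```python
"""Admissibility check for the split IDS of FIG. 2 / FIG. 3. Example code,
not from the disclosure; level names and the assignment of levels to units
are constructed, and the signal-path rule is an assumption."""
from dataclasses import dataclass

# Ordered from no safety requirement (QM) to the highest ASIL class.
LEVELS = ("QM", "ASIL_A", "ASIL_B", "ASIL_C", "ASIL_D")


def covers(cert: str, required: str) -> bool:
    return LEVELS.index(cert) >= LEVELS.index(required)


@dataclass(frozen=True)
class Link:
    src: str  # issuing unit (measure connection 19 or signal connection 16)
    dst: str  # driven component or receiving unit


def check_measure_paths(certified: dict, required: dict, links) -> list:
    """Measure links whose source is not certified for the target's requirement."""
    return [l for l in links if not covers(certified[l.src], required[l.dst])]


def check_signal_paths(certified: dict, links) -> list:
    """Signal links that would feed a certified unit from a less certified one
    (assumed rule, see lead-in)."""
    return [l for l in links if not covers(certified[l.src], certified[l.dst])]


# FIG. 2 layout: a single uncertified IDS (constructed levels).
FIG2_CERT = {"14": "QM", "28": "QM"}
# FIG. 3 layout: certified 14a/28a beside uncertified 14b/28b (constructed levels).
FIG3_CERT = {"14a": "ASIL_D", "28a": "ASIL_D", "14b": "QM", "28b": "QM"}
# Virtual computing components 24 (low requirement) and 25 (high requirement).
REQUIRED = {"24": "QM", "25": "ASIL_D"}


def fig2_violations() -> list:
    # A measure path from 14 to 25 is exactly what the FIG. 2 layout must omit.
    return check_measure_paths(FIG2_CERT, REQUIRED, [Link("14", "24"), Link("14", "25")])


def fig3_violations() -> list:
    measures = check_measure_paths(FIG3_CERT, REQUIRED,
                                   [Link("14a", "25"), Link("14b", "24")])
    signals = check_signal_paths(FIG3_CERT, [Link("28a", "14a"), Link("28b", "14b")])
    return measures + signals
```

Run against the FIG. 2 layout the check flags the 14-to-25 measure path, which is why that connection is absent there; against the FIG. 3 layout it returns no violations, and it would flag a signal path from 28 b into 14 a if one were added.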

FIG. 4 finally shows a schematic diagram of a motor vehicle 30 according to the present disclosure, having at least one control device 31 which comprises a single-chip system 1 according to the present disclosure. It has been shown that the technology described herein can be used particularly for motor vehicles, in which different security requirements/security standards can frequently also be present within one control device 31.

What is claimed is:
1. A single-chip system, comprising: a memory management unit; and a computing unit configured to: receive a signal, wherein the signal describes an event; evaluate the signal for determining infringement of one or more rules based on a set of rules, wherein the set of rules is embodied in hardware, wherein the set of rules comprise restrictions to the memory unit; based on the evaluation of the signal and upon determination of an infringement of the one or more rules, respond to the infringement of the one or more rules with at least one preconfigured measure.
2. The single-chip system of claim 1, wherein the computing unit is part of an inspection unit for monitoring a plurality of computing units or a virtual computing component of the single-chip system.
3. The single-chip system of claim 1, wherein the set of rules is either unalterable in hardware or alterable using a secured method according to secret information encoded in the hardware in the single-chip system.
4. The single-chip system of claim 1, wherein the computing unit is further configured to: determine event data corresponding to a cause of an event, a type of the event, and/or time of the event.
5. The single-chip system of claim 1, wherein the computing unit is further configured to: pre-evaluate the signal transmitted to a further computing unit for filtering the signal.
6. The single-chip system of claim 4, wherein the computing unit is further configured to: add a chip ID identifier to event data corresponding to the event on the internal memory device or the external memory device.
7. The single-chip system of claim 1, wherein the set of rules comprise rules for logging events, for filtering information, for selection measures, and/or for classifying events.
8. A method for operating a single-chip system, wherein the single-chip system comprises a memory management unit and a computing unit, the method comprising: receiving, at the computing unit, a signal, wherein the signal describes an event; evaluating, at the computing unit, the signal for determining infringement of one or more rules based on a set of rules, wherein the set of rules is embodied in hardware, wherein the set of rules comprise restrictions to the memory unit; based on the evaluation of the signal and upon determination of an infringement of the one or more rules, responding to the infringement of the one or more rules with at least one preconfigured measure.
9. The method of claim 8, wherein the set of rules is either unalterable in hardware or alterable using a secured method according to secret information encoded in the hardware in the single-chip system.
10. The method of claim 8, the method further comprising: determining event data corresponding to a cause of an event, a type of the event, and/or time of the event.
11. The method of claim 8, the method further comprising: pre-evaluating the signal transmitted to a further computing unit for filtering the signal.
12. The method of claim 10, the method further comprising: adding a chip ID identifier to event data corresponding to the event on the internal memory device or the external memory device.
13. The method of claim 8, wherein the set of rules comprise rules for logging events, for filtering information, for selection measures, and/or for classifying events.
14. A motor vehicle, comprising a control device that comprises a single-chip system, wherein the single-chip system comprises: a memory management unit; and a computing unit configured to: receive a signal, wherein the signal describes an event; evaluate the signal for determining infringement of one or more rules based on a set of rules, wherein the set of rules is embodied in hardware, wherein the set of rules comprise restrictions to the memory unit; based on the evaluation of the signal and upon determination of an infringement of the one or more rules, respond to the infringement of the one or more rules with at least one preconfigured measure.
15. The motor vehicle of claim 14, wherein the computing unit is part of an inspection unit for monitoring a plurality of computing units or a virtual computing component of the single-chip system.
16. The motor vehicle of claim 14, wherein the set of rules is either unalterable in hardware or alterable using a secured method according to secret information encoded in the hardware in the single-chip system.
17. The motor vehicle of claim 14, wherein the computing unit is further configured to: determine event data corresponding to a cause of an event, a type of the event, and/or time of the event.
18. The motor vehicle of claim 14, wherein the computing unit is further configured to: pre-evaluate the signal transmitted to a further computing unit for filtering the signal.
19. The motor vehicle of claim 17, wherein the computing unit is further configured to: add a chip ID identifier to event data corresponding to the event on the internal memory device or the external memory device.
20. The motor vehicle of claim 14, wherein the set of rules comprise rules for logging events, for filtering information, for selection measures, and/or for classifying events.